Attacks On Manets Based On Layered Computer Science Essay


Security is one of the major qualitative parameters suggested by the IETF MANET group for mobile ad hoc networks (MANETs), which are infrastructure-less networks whose randomly moving nodes keep changing the network topology. In such a network, each node is itself responsible for creating, maintaining and terminating routes, depending on the routing protocol. The absence of a central infrastructure makes MANETs vulnerable to various security threats. These attacks exploit the data, the routing protocols and the layers of the network. A lot of research has already been done, but none of it has produced a secure approach for MANETs. This paper represents part of ongoing research. In it we present the various attacks in an organized way, according to the layers of the Internet model, and give an overview of the threats and attacks possible on MANETs.



MANET stands for mobile ad hoc network, a wireless network with randomly moving nodes and no infrastructure. The participating nodes are autonomous and act as both hosts and routers. The nodes are self-configuring, but there is no fixed topology: it changes continuously because of node mobility. MANETs have many applications; they can be used for battlefield communication, disaster relief operations, VANETs, etc. The Internet Engineering Task Force (IETF) has a MANET working group devoted to IP routing protocols for MANETs. Like other networks, a MANET is vulnerable to different security attacks. In addition to the security threats of both wired and wireless networks, MANETs introduce some attacks unique to themselves.


Attacks on MANETs are classified by source, i.e. external and internal attacks, and by behavior, i.e. passive and active attacks [1]. In this survey we refer to attacks as active and passive only.


In an external attack, the attacker is not part of the network but is present outside it. It tries to gain access to the network and, once access is granted, starts attacking. In an internal attack, the attacker gains access to the network, enters as a normal node and participates in the network activities as well. The attacker hampers the network activities by sending fake packets or creating other trouble for the network [1].


Passive attacks involve only monitoring of the network and its information: tracking packets and extracting the information they carry [2]. These attacks mainly aim to steal confidential data travelling on the network and to monitor the traffic pattern over the network. Because they perform no actions on the network, they are tough to identify. The two common passive attacks are eavesdropping and traffic monitoring.


Eavesdropping involves tracking and tapping the information traversing the network. An eavesdropper can actively study the data flowing over the network and steal confidential information, which may include passwords, secret keys, etc. This attack destroys the confidentiality of the data. It is dangerous, not easily detected and hard to control.


Traffic monitoring is the attack in which the attacker does not try to read the information but instead monitors the traffic and the traffic-flow characteristics of the network channel, or tries to identify source-destination pairs. The attacker aims to track the traffic pattern over the network and measure the intensity or type of traffic flow at different time intervals over a specific period of time.


Active attacks can be easily identified. Unlike passive attacks, the attacker disturbs the network in one way or another. The attacker's aims are to restrict network services, steal information or block information exchange. Active attacks are classified here by the layer of the Internet model on which they operate [3].


Jamming Attack

In this attack, the attacker tries to interfere with the communication flow and either prevents the sender from sending information or prevents the receiver from receiving it. This is a class of denial of service (DoS) attack.


Black hole Attack

In this attack, the attacker sends false route replies to route requests, stating that it has the shortest route to the destination node whose traffic it wants to compromise. If the route is established, the data passes through the attacking node, which is then in a position to misuse or reject the traffic passing through it [7]. The black hole attack works in two phases. The first is to fake the presence of a valid route to the desired node in order to exploit a routing protocol such as AODV; the second is to accept or reject the network packets coming to it [5].

Wormhole attack

This type of attack uses a tunneling mechanism. A data packet at one location in the network is carried through the tunnel to a different location, and route maintenance is disrupted when routing messages are tunneled. This is one of the biggest threats to the different routing protocols in MANETs. The long-term presence of this attack can prevent route formation [3].

Byzantine attack

An attacking node works alone, or with a set of compromised intermediate nodes, and carries out attacks such as creating routing loops, forwarding packets via non-optimal paths or selectively dropping packets, which hampers the routing services [4][13]. Such an attack is tough to detect because the network sees a normally working node while the node or nodes are in reality showing the characteristics of this attack.

Attacks on the routing protocols

These are attacks on the routing protocol that affect the network functionality and hamper communication and data interchange [5].

Routing Table poisoning

In this type of attack, the attacking node sends fictitious traffic to create false entries in the routing tables of participating nodes. It may also send an RREQ packet with a high sequence number that deletes all other RREQ packets with low sequence numbers. This results in the creation of fake and non-optimal routes, and data interchange is compromised or hampered.
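The black hole and routing table poisoning descriptions above both depend on a node trusting whichever route advertisement looks freshest. The following is an added example, not part of the original essay: a receiving node applies AODV's "higher sequence number, then fewer hops" freshness rule but rejects an implausibly large sequence-number jump. The class and function names, the threshold and the sample advertisements are constructed for illustration.

```python
from dataclasses import dataclass

MAX_SEQ_JUMP = 50  # assumed threshold; tune to how often routes are refreshed

@dataclass
class Route:
    next_hop: str
    seq: int
    hops: int

class RouteTable:
    """Routing table that applies AODV's freshness rule with a plausibility check."""

    def __init__(self, max_jump=MAX_SEQ_JUMP):
        self.routes = {}   # destination -> Route
        self.alerts = []   # (dest, advertiser, known_seq, claimed_seq)
        self.max_jump = max_jump

    def offer(self, dest, advertiser, seq, hops):
        cur = self.routes.get(dest)
        if cur is not None:
            # A sequence number far ahead of the last one seen is treated as
            # suspect instead of "fresher". Rollover is ignored for brevity.
            if seq - cur.seq > self.max_jump:
                self.alerts.append((dest, advertiser, cur.seq, seq))
                return "rejected"
            fresher = seq > cur.seq or (seq == cur.seq and hops < cur.hops)
            if not fresher:
                return "ignored"
        # First route to a destination has no baseline and is accepted as-is.
        self.routes[dest] = Route(advertiser, seq, hops)
        return "accepted"

# Constructed advertisements for destination "D": (advertiser, seq, hops)
SAMPLE = [("B", 10, 3), ("C", 11, 2), ("M", 4000, 1), ("B", 11, 4)]

def replay(adverts, dest="D"):
    table = RouteTable()
    return table, [table.offer(dest, a, s, h) for a, s, h in adverts]

if __name__ == "__main__":
    table, results = replay(SAMPLE)
    print(results, table.routes["D"], table.alerts)
```

The check needs a baseline, so the first advertisement for an unknown destination is still accepted unverified.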

Routing table overflow

This attack aims to create routes to fake nodes that do not actually exist. The attacker creates countless routes, which hinders the creation of new routes and affects the protocol implementation in the network. Proactive protocols are much more sensitive to this attack because they constantly search for new routes to all possible nodes and collect routing data in advance. The attacker can simply fake a route to the routers and nodes present in the network.

Rushing Attacks

In this type of attack, two or more attacking nodes form a tunnel-like structure, as in a wormhole attack, and exploit the data traversing through them. It acts as an effective DoS against the routing protocols, and data travels through the tunnel much faster. The rushing attack compromises the duplicate suppression property of the routing protocol: the attacking node quickly forwards the route discovery packet and gains access to the forwarding group [10].

Packet Replication

In this attack, the attacker consumes the additional bandwidth and battery power available to the user node and causes unnecessary confusion in the routing process by replicating stale packets.

Sleep Deprivation attack

This attack is also known as the resource consumption attack. The attacker tries to consume battery life by requesting excessive route discovery from the victim node. In a routing protocol, sleep deprivation attacks can be launched by flooding the victim node with unnecessary routing packets, sending a large number of route request (RREQ), route reply (RREP) or route error (RERR) packets. As a result, the node will not be able to participate in the routing mechanisms and will be seen as unreachable by the other nodes in the network.
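As an added example (not from the original essay), the flood of RREQ, RREP and RERR packets described above can be spotted on the receiving node by counting control packets per neighbour in a sliding time window. The threshold, the function name and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

CONTROL_TYPES = {"RREQ", "RREP", "RERR"}
# AODV (RFC 3561) caps a node's own RREQ origination at RREQ_RATELIMIT = 10
# per second; reusing that figure as a per-neighbour budget is an assumption.
LIMIT = 10
WINDOW = 1.0  # seconds

def flooding_neighbours(events, limit=LIMIT, window=WINDOW):
    """Return {neighbour: peak control packets in any window} for offenders.

    events: iterable of (timestamp, neighbour, packet_type) tuples.
    """
    recent = defaultdict(deque)   # neighbour -> timestamps inside the window
    peak = defaultdict(int)
    for ts, nbr, ptype in sorted(events):
        if ptype not in CONTROL_TYPES:
            continue              # data packets do not count against the budget
        q = recent[nbr]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # expire timestamps older than the window
        peak[nbr] = max(peak[nbr], len(q))
    return {n: p for n, p in peak.items() if p > limit}

def sample_events():
    """Constructed trace: N7 bursts 25 RREQs in half a second, N2 is normal."""
    events = [(i * 0.02, "N7", "RREQ") for i in range(25)]
    events += [(float(i), "N2", "RREQ") for i in range(5)]
    events += [(i * 0.01, "N2", "DATA") for i in range(30)]
    return events

if __name__ == "__main__":
    print(flooding_neighbours(sample_events()))
```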

State Pollution attack

This is a condition in which the attacking node gives incorrect parameters in its replies. For example, a malicious allocator can always give a new node an occupied address, which results in repeated broadcast of Duplicate Address Detection messages throughout the MANET, and any new node will be rejected.


In a message modification attack, the attacker makes changes to the routing messages and thus attacks the integrity of the network packets. These malicious nodes exploit the sporadic relationships in the network to participate in the packet forwarding process and launch message modification attacks. This is a dangerous attack because it hides the original information transmitted and forwards vague information instead.

Sybil attack

In a Sybil attack, the attacking node takes the identity of a non-existent node and broadcasts multiple non-existent identities. A single attacking node behaves as multiple nodes and can take the identity of a legitimate node as well. The multiple node identities created by the attacking node are known as Sybil nodes, and they can disturb a large part of the network [11].


The attacking nodes fabricate their own packets to create chaos in the network operations. They may inject a large number of packets into the network, as in the sleep deprivation attack, to launch the attack. This type of attack can also be performed by an internal misbehaving node. The term "fabrication" refers to attacks that generate false routing messages. These attacks usually arrive as valid routing constructs, which also makes them tough to detect [11].


SYN Flooding

In this attack, the attacking node floods the network with a large number of SYN packets for the victim node and creates half-open TCP connections with the targeted node. The targeted node waits for the acknowledgement from the attacking node and stores them in the routing table. This limits the reception of routes from other nodes, and the targeted node is not able to take part in communication until it refreshes its table and clears all these half-open connections [12][14].

Session Hijacking attack

Session hijacking takes advantage of the fact that communications are usually protected at session setup but not afterwards. The attacker first spoofs the IP address of the target node and determines the correct sequence number to perform a DoS attack on the victim node. The attacker thus steals the identity of the victim node and continues the session with the target [24].


Repudiation Attack

Repudiation is the condition in which a node denies having been part of a communication, as either sender or receiver, when it actually took part [15]. In the network layer, firewalls can be installed to check which packets are sent and received, and in the transport layer the end-to-end connection can be encrypted. But this does not solve the authentication or non-repudiation problems in general.


Packet dropping attacks

Packet dropping attacks involve direct interruption of the routing messages. The attacking node becomes part of the route discovery process and, if it is selected as one of the intermediate nodes, it can launch this attack by dropping packets randomly [16]. The drop rate can vary: the node may drop packets periodically, randomly or selectively.

Gray hole attack

This attack is also known as the node misbehaving attack. The gray hole attack works in two steps. First, a malicious or attacking node advertises itself as possessing a valid route to the destination node, with the intention of intercepting packets. Second, it drops the intercepted packets. This malicious behavior can take different forms. The node may drop packets while forwarding them in the network for a time and then switch back to its normal behavior [17][9].
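The packet dropping and gray hole descriptions above note that a relay may drop only for a while and then behave normally, which keeps its long-run loss figure unremarkable. The added example below (not from the original essay) scores each relay per time window instead of overall. It assumes a monitor that can overhear whether a relay retransmitted each packet handed to it; the thresholds, names and sample observations are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 10.0     # seconds per observation window (assumed)
MAX_DROP = 0.3    # assumed tolerated drop ratio within one window
MIN_SAMPLES = 5   # ignore windows with too few packets to judge

def drop_report(observations, window=WINDOW, max_drop=MAX_DROP,
                min_samples=MIN_SAMPLES):
    """observations: (timestamp, relay, forwarded) tuples.

    Returns {relay: (overall_drop_ratio, [indexes of flagged windows])}.
    """
    # relay -> window index -> [packets handed over, packets dropped]
    cells = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ts, relay, forwarded in observations:
        cell = cells[relay][int(ts // window)]
        cell[0] += 1
        cell[1] += 0 if forwarded else 1
    report = {}
    for relay, wins in cells.items():
        handed = sum(h for h, _ in wins.values())
        dropped = sum(d for _, d in wins.values())
        flagged = sorted(w for w, (h, d) in wins.items()
                         if h >= min_samples and d / h > max_drop)
        report[relay] = (dropped / handed, flagged)
    return report

def sample_observations():
    """Constructed trace: G drops 9 of 10 packets in window 2 only,
    H loses 1 of 10 in every window (congestion-like background loss)."""
    obs = []
    for w in range(5):
        for i in range(10):
            ts = w * 10 + i
            obs.append((ts, "G", not (w == 2 and i < 9)))
            obs.append((ts, "H", i != 0))
    return obs

if __name__ == "__main__":
    for relay, (ratio, flagged) in drop_report(sample_observations()).items():
        print(relay, round(ratio, 2), flagged)
```

Relay G's overall drop ratio stays below the per-window threshold, so only the windowed view exposes the burst.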

Location Disclosure attack

In this attack, the attacker reveals information about the structure of the network or the location of nodes. It gathers node location information, such as a route map, and then plans further attack scenarios [11]. Attackers try to figure out the network traffic pattern, changes in the traffic pattern and the identities of the communicating parties. The information leaked here can be misused in security-sensitive scenarios.

Link spoofing attack

This attack disrupts routing operations through the fake advertisement of links with neighbors: the malicious node advertises fake link information that disturbs the routing operations. For example, with the OLSR protocol, an attacker advertises fake links with a target's two-hop neighbors [11], which can cause the target node to select the malicious node as its multipoint relay; the malicious node can then attack data or routing traffic.

Colluding miserly attack

In this attack, multiple attackers work together in collusion to drop or modify routing packets and disrupt the routing operation.

Impersonation or Spoofing attack

Spoofing attacks aim to steal the identity of a different node present in the network and steal the data that was originally meant for that node [19][20]. This results in a wrong representation of the network topology, which can even cause loops or partitions in the network.

Neighbor attack

The goal of neighbor attackers is to affect multicast routes by creating the illusion for two nodes that they can communicate with each other when they are in fact out of each other's communication range. If these two nodes are part of the route, the data packets they exchange will be lost because there is no real connection between them. A neighbor attacker violates the routing protocol and does not need to involve itself later in the packet dropping process, since the packets will eventually be lost because of the fake links [11].

Jellyfish attack

In this attack, the attacker first intrudes into the forwarding group of nodes and then delays data packets for some time before forwarding them. This results in high end-to-end delay and high jitter and degrades the performance of applications. A malicious node launching Jellyfish attacks may stay active in both route discovery and packet forwarding to prevent its detection and diagnosis, while still attacking the traffic [21][22]. The Jellyfish attack is especially harmful to TCP traffic because cooperative nodes can hardly differentiate these attacks from network congestion.

Denial of service (DoS)

DoS attacks attempt to deny authorized users the services offered by the network. The attacker either blocks the user from accessing the network resources or congests the network with an excess of vague data packets, which likewise prevents the user from accessing the network resources [23]. Several DoS attacks are as follows:

Sleep Deprivation torture

Jamming Attacks

SYN flooding

Link Spoofing Attack


The various attacks on the different layers of mobile ad hoc networks presented above are summarized in Table 1 according to their respective layers.



Link Layer: Jamming attack

Network Layer: Blackhole attack, wormhole attack, Byzantine attack, sleep deprivation attack, state pollution attack, Sybil attack, modification and fabrication

Transport Layer: SYN attack and Session Hijacking

Application Layer: Repudiation attack

Multi Layer attacks: Packet dropping attacks, Gray hole attack, Location Disclosure attack, Jellyfish attack, Link spoofing attack, Colluding miserly attack, Impersonation, Neighbor attack, and Denial of service

Table 1: Summary of attacks


MANETs lack a central administration or infrastructure and have limited resources such as bandwidth and power. As a result they lack authentication and control, which makes them vulnerable to attack, since the protocols are incapable of providing security. Node mobility also makes it hard to control outgoing and incoming nodes, and the changing topology makes it tougher still. The various types of attacks have been presented according to the different layers of the network. The study makes clear that passive attacks only seek information and do not disturb the network, and that most attacks target the network layer and the routing of data packets. There is a lot of scope for further study and for developing algorithms that are much more secure against these attacks as well as against attacks that are yet to be discovered.